Legal issues arising from the RIAA's lawsuits of intimidation brought against ordinary working people, and other important internet law issues. Provided by Ray Beckerman, P.C.

Saturday, October 22, 2005

A Puzzle for Techies: Did 'Metadata' and 'Hash' Show that Files were Copied?

A puzzle for techies:

In an RIAA case a federal judge said that a screen shot of defendant John Doe Number 7's Kazaa shared files folder was enough to show copyright infringement because

"[RIAA] obtained "metadata" about the files that Doe No. 7 was disseminating, which often reveal who originally copied a particular sound recording from a CD to a computer disk (a process called "ripping") and provide a type of digital fingerprint, called a "hash," that can show whether two users obtained a file from the same source.... Using the metadata associated with the music filed that Doe No. 7 was offering for distribution on Kazaa, plaintiffs have determined that many sound recordings were ripped by different people using different brands of ripping software. Such information creates a strong inference that Doe No. 7 was not simply copying his or her own lawfully purchased CDs onto a computer, but had downloaded those files from other P2P users."

32 comments:

Anonymous
said...

over the last 5 years I have used 3 different operating systems, 2 different processors, and at least 6 different ripping programs to rip my musical cds (I have over 600 legally purchased cds - used to be a dj in college). Additionally, I have downloaded music legally from eMusic.com which has gone through at least 2 different ripping systems. I'd hate to see what my metadata and hash(s) look like - I probably would like a thief. The data will show different OS and ripper information (in some cases) but not necessarily for illegal reasons.

Many ripping programs will attach metadata to audio files, though there are some (mostly open source) ones that will not. I'd hesitate to say that it is a true "digital fingerprint", though it is possible that slight variations in the implementation of the encoding algorithm could have a similar effect, I am not aware of any meaningful data that can be gathered that way.

It is most certain that there is no accurate way to determine who created the file. No useful identity gets maintained through transfers.

Further, it's not illegal to download a file from someone else if you already have a license for it, so some of those files could have been downloaded, but only because they chose not to encode themselves.

If two different copies of the same CD are ripped using the same cda-2-mp3 encoding algorithm at the same bit-rate, then the file's contents and consequentially the hash will be exactly same.

What this basically means is, you can produce identical files on two different machines from two different copies of the same CD. So the argument that a hash is universally unique is completely flawed. If the two file's contents match, then the hash will be the same, it's that simple.

When they say Metadata, i'm assuming they are talking about an mp3's ID3 Tag information.

This information can be changed by anyone extremely easily, for instance with winamp. What this proves is that Metadata can be duplicated many times, in many different files, ergo it's not uniquely identifying.

Finally the Metadata and Hashes can be reproduced from the same music album/single's, which proves it's not unique. If it's not unique, they can't differentiate between an original and a copy.

Besides this, there is no way to tell the difference between a perfect copy and an original, so how can they claim to tell the difference? I think we need to find out more information about the Metadata they are using.

A good example of this would be to buy two copies of the same single from the same music store, rip each one onto two different PC's using the same encoding software, for example, winamp(with the same settings – bit-rate etc).

The file contents should be identical in theory, so if you hash them, they should produce the same values. And as i said, the Metadata contents can be normalized so they are identical.

Now, not trying to appear arrogant, but how exactly is this judge competent enough technically to decide if the RIAA's argument is valid? Surely the court should appoint one or more independent technical advisers to assess the validity of the plaintiffs claim?

And even if by some miracle the two different copies from the same store produce slightly different hashes, there is still no way to determine who's copy is the original and who's is the copy just by analysing the hash and metadata. Which as i said, would be a perfect copy.

How on earth can a screenshot be used as evidence in copyright infringement?

I could create a set blank files named as copyrighted material, stick them into a folder and take a screenshot, then claim they were being shared by somebody. Isn't there some kind of standard for quality of evidence?

It's a sad state of affairs if something so weak as a screenshot can be used to prove copyright infringement.

No, you cannot tell that files were copied just by viewing the metadata/hash of said files. A hash (such as MD5 and CRC) has a certain statistical chance of being duplicated, so it's possible for someone with an actual copy of "Britney.Spears.mp3" to have an actual recording, and another person with the same filename and hash to have a file filled with garbage (or something entirely different, like "Kenny.Rogers.Greatest.Hits.mp3").

In fact, the RIAA should be accutely aware of how easy it is to make files that appear legitimate (have the correct hash and metadata) but are actually garbage because they routinely hire firms to flood P2P networks with trash files that appear to have a correct hash/metadata set, but are in fact garbage.

Metadata in the form of ID3 tags are also "spoofable" (by both the RIAA and consumers/end users). Like one time I was trying to download that Tommy Lee and Pamela Anderson video, and all I got was some hentai anime... :(

The only way they can actually prove infringement occurred would be if they downloaded the file from the accused file sharer, and then that wouldn't be infringement because a copyright holder (nor their agents?) can infringe their own copyright.

Anonymous nailed it, above. If you start from the same source (an audio CD) and use the same "ripping" program with the same settings, the result should be identical and the hash should also be identical. It's a mechanical, deterministic process.

What's more, many such "ripping" programs come with default settings, and some programs (like "Exact Audio Copy" and the "LAME" mp3 encoder) have profiles available for them that will set all the "ripping" settings for you. If two people use the same settings on the same program with the same CD, they'll get identical output.

The short version: identical hashes in no way uniquely identify the source of a song.

It is possible to make a case that unusual metadata (e.g. a particular person's favorite moniker inserted manually in the mp3's "comments" field during the ripping process) is unlikely to have been independently entered by two different people, but you'd need to do more than simply assert it.

The metadata on songs is also generally unreliable as a marker of the source of a recording. Aside from the "unusual material" I noted above, some "ripping" programs will download the metadata for all songs on a CD from a standard library.

I mentioned Exact Audio Copy (EAC), above. There's a set of standard profiles for EAC called the "uberstandard", for example (see http://www.ubernet.org). If that's used, and if the person doing the copying uses the built-in music library access function, he or she will produce mp3's with standard output and standard metadata that will be identical in all respects to that produced by anyone else using the same features.

1. can a screenshot constitute evidence of anything? haven't they got anything better?

2. if 2 files have the same md5 hash you can pretty much bet they are identical. If the 2 files merely have the same mp3 metadata then you cannot be so sure.

3. hashes do not indicate the source of the file.

4. surely for the RIAA to show copyright infringement, they needs to show that the defendant distributed a copy of the copyrighted work to someone who didn't have a license for it. How on earth can hashes or screenshots have any relevance for this?

I think that if they want to use oldfashioned copyright laws that predate the computer era then they need oldfashioned standards of evidence: i.e. proof that person A distributed file to person B (who is not an RIAA agent) and furthermore that person B did not have a license for the file (e.g. perhaps he owned the CD in question and was just downloading the mp3 for a backup).

I am assuming that the hash codes being talked about are of the entire mp3 file and not just the frames of the mp3 audio data itself.

If those hash codes are the same, there is a finite probability that it is the same file, however, as stated above, it is not impossible that two different rippers using exactly the same VERSION of the encoder will produce the same 'core' MP3 file.

The 'core' mp3 file (my definition) consists of just the frames of the encoded audio with no extraneous information included. The first frame of MP3 audio data typically includes a lot of 'metadata' regarding the encoding process. The name and version of the encoder is usually documented here. In many cases, that data is also written into the last frame, or several frames, of the 'core' MP3 file. The encoders are not the only programs that store metadata in that first frame. Others, like MP3Gain, store data relating to how a given file has been normalized such that it can be 'unnormalized' back to its original state. Other programs will 'trim' mp3 audio data frames to get rid of silence at the beginning/end of a file.

A higher level of metadata typically included in the MP3 file, and which surrounds the core MP3 file at the beginning and end, are the ID tags (there are two versions of tags, and both are typically present). There is a huge variance in the info that can be stored in those tags, including an image (typically of the cover artwork) if so desired. This is where the user can enter virtually any data about the audio that is desired.

Any one of these various changes will change the hash code (again, assuming that it is of the entire file, not just the audio data frames). I tag my files in a way that I've not seen elsewhere, so they would be somewhat unique. Typical users would not want their files tagged that way and, if they ever were to get hold of them through some nefarious means, would probably change them. The underlying mp3 audio data is the same; the hash code will not be.

Removing all of the tags would result in a 'core' mp3 file. At that level, same CD, same version of encoder, same settings, no add-on processing, etc. would theoretically produce same core mp3 file with the same resultant hash. AFAIK, the os has nothign to do with this. Having the same hash code neither proves/nor disproves that the files are the same.

At the higher level, with the addition of all of the levels of permutations of labeling/processing, the same hash code would suggest there is a small probability that the files are the same. I would submit that this claim could neither be proven or disproven, however.

Is it fair to say that the consensus of opinion is that (a) the judge should have heard technical evidence rather than take the RIAA's word for it, (b) the metadata could not have established who copied the song onto the disk drive, (c) the hashes could not have established that 2 different users obtained the file from the same source, (d) the RIAA could not have known from the metadata that John Doe was copying the files from other P2P users? I.e., are you saying the judge was wrong?

Let me point out that even if what the judge said isn't true in the general case (and it isn't) It could be true in a specific case. I'd have to look at exactly what metadata they saw, and what it consisted of. But it is easy to figure out a set of data that would indicate either multiple copying sources, or someone delibaretly(sp) trying to look like that case. Depending on what the judge was deciding, this may be sufficient evidence for the purposes at hand. (though I wouldn't expect it to be enough to convict someone who's providing a defence)

Fair warning: I'm an electronics engineer, not a computer scientist. I'm also not the person to call as an expert witness; you should use someone with better credentials than I. But from what I've read, the following answers are true. This is intended to point in the right direction.

(a) the judge should have heard technical evidence rather than take the RIAA's word for it

In my opinion, yes.

(b) the metadata could not have established who copied the song onto the disk drive

Absolutely not. There's nothing in the mp3 metadata that includes information on how a file got onto a hard drive, or into a shared folder. The most you might be able to say is when the file was copied there and when it was last accessed.

(c) the hashes could not have established that 2 different users obtained the file from the same source,

You can talk probabilities of whether a song recorded from a CD using unusual settings would be likely to be recorded that way more than once by different people with their own copies of the CD, but overall, your statement above is true.

If two people start off with store-bought copies of the same CD and both make recordings of it, it's very possible they'll end up with identical mp3 files and identical hashes.

(d) the RIAA could not have known from the metadata that John Doe was copying the files from other P2P users?

Again, you can talk probabilities, but it's true there's nothing definitive about the metadata or hashes that would establish with certainty that John Doe copied the files from other P2P users.

Maybe that's too nebulous; I'm an engineer, and love to give caveats. But from everything I've read, it's entirely possible (indeed, likely, depending upon how it was recorded -- there are just a few encoding systems out there that everyone uses) that a song could have been recorded identically by two different people.

Moreover, there's nothing in the mp3 file's metadata that would establish how the file got there, or by whose hand. Anyone can copy a file into a shared directory on a computer by multiple means (e.g. from a USB drive, for example); there's nothing about a p2p program that prevents that.

Worse: mp3 metadata can be altered at will by using commonly available software.

The one thing that might be of help in determining how an mp3 got into a shared folder would be whether or not a filesharing program (e.g. Kazaa) keeps logs of what happens with it. This might be a means to establish where the file came from, if it had been downloaded.

(a) the judge should have heard technical evidence rather than take the RIAA's word for it

Absolutely. The Judge erred when he didn't consult independent technology experts. I sincerely doubt the Judge understood all the technologies in use.

(b) the metadata could not have established who copied the song onto the disk drive,

Correct. The metadata does not identify any of that information. Further, an examination of the defendent's computer would only yield the date and time the file was created (which can be misleading), the date and time it was last accessed, and if the filesystem is NTFS, the user who created or "owns" the file. I cannot stress enough that this information (everything from "Further" onwards) is (generally) not available remotely to other P2P users. Obviously this depends on the P2P technology being used, but as far as I know all existing P2P technology keeps that information private.

(c) the hashes could not have established that 2 different users obtained the file from the same source

Correct again.

(d) the RIAA could not have known from the metadata that John Doe was copying the files from other P2P users?

Also correct. The metadata is just that, meta information about the data in the file. Whether or not that information is accurate or trustworthy is another matter. And it certainly contains no information as to the source of the data, where (or if) it's been transferred, and so on. As far as I know nothing stores that kind of information.

I.e., are you saying the judge was wrong?

Absolutely, positively. And for what it's worth, I work in software, so I like to think I understand all this pretty well. ;)

Ray, Fatal Flaw again. Anyways, I just want to say that the Judge had no buisiness making that decision if he did not already posess the technical means and know how of exactly how mesh and hash work. At the very least an expert should have been brought in to explain it to the judge, an unbiased third party source preferably, so that the judge could surmise the situation appropiately. If I were the RIAA and told the judge the giggaflop interfaces with the koolmo-d on aft port 795 when the snarflog hits 2 and thus clearly proves that Santa Clause murdered JFK, does that mean he should take my word on it without knowing EXACTLY what it meant? I tell ya, if I ever get arrested, I want this judge to oversee my case. I'll bullshit myself circles around him and get off quicker than O.J.

The mesh and hash mean absolutely nothing and should not even be admissible in court becuase not only is it not "tamper proof" but it cannot prove ANYTHING conclusively, and definatly should not be grounds for a conviction or even sway the decision in the general direction of a conviction.

I'll even go one step further to say that ANY judge making this much of an uninformed decision when peoples lives (not life and death, but life in general) are on the line, he's a hazard to himself, those around him, and the judicial system especially in this technological day and age. He should be forcefully removed from the bench and stripped of all titles immediatly before anyone else appears before him.

To take the simplest possible view which may well be where the RIAA is coming from. Let's say you're a dumb user who doesn't know much about MP3 ID tags and never changes them. And you downloaded lots of files via Kazaa. it's quite likely that your collection of files will have things like "A1 R1pping Cru3" in the comment tag and they'll all be different. I would say that this was pretty good circumstantial evidence that you were what I described. "A dumb user, knowing nothing about MP3 tags using Kazaa."

What's more, the presence of such files on your computer simply doesn't prove that the files were downloaded via Kazaa.

If you were talking about a "dumb user" with such files in his or her shared p2p directory, would I suspect that the files had been downloaded? Yep. But it wouldn't be too hard to paint alternate pictures of how the files got there.

The hashing algorithms are used by file sharing programs to ID a file uniquely with a short string of alphanumeric characters. Some hashing algorithms are better than others, and their functionality is measured by the possibility of two different files colliding (having the same hash ID).

The hashing algorithm employed by Kaaza (Fasttrack network) is broken. They use the UUHash algorithm. While UUHash allows very large files to be checksummed in a short time, even on slow computers, it also allows for massive corruption of a file to go unnoticed. In fact, the RIAA affiliates have exploited this weakness to flood the network with corrupted files (spoofs) that have the same hash as the original file. ID’ing a file with this algorithm is unreliable. You can read more about it here:

http://en.wikipedia.org/wiki/UUHash

The hash algorithm merely creates an ID for a file. It does not tell you if the file was uploaded or downloaded or how it was created. Two files that differ by only one bit should have very different hash ID’s. Thus, just changing one character in the metadata of an mp3 should result in a different ID. However, if the same software was used to rip two copies of the same CD with the same type of hardware and the same settings in the software, the two mp3’s should be identical and thus have the same hash ID. Thus, you couldn’t rightly say if the file was uploaded or downloaded. Also, if two files have the same hash, one could have been copied from the other by any means. They didn’t necessarily have to be uploaded or downloaded from the internet.

Metadata are tags stored into mp3s that identify the file’s artist, song title, etc. Sometimes, the software that rips a CD may store a tag into the file. Other times the ripper may put his/her mark on the file by adding a tag. These tags can be added/deleted by anyone so I don’t see how this can be used to ID a file. Metadata is certainly less secure than a hashing algorithm for identification purposes.

The hashing algorithm employed by Kaaza (Fasttrack network) is broken. They use the UUHash algorithm. While UUHash allows very large files to be checksummed in a short time, even on slow computers, it also allows for massive corruption of a file to go unnoticed. In fact, the RIAA affiliates have exploited this weakness to flood the network with corrupted files (spoofs) that have the same hash as the original file. ID’ing a file with this algorithm is unreliable. You can read more about it here:

Ray, this is a HUGE deal. What anonymous posted, above, completely invalidates the use of hashes to uniquely identify music files on Kazaa.

If the hashing algorithm is indeed broken, and if the file can, in fact, be very different while having the same hash (and worse: two people can deliberately create files with the same hash), then the hash is literally useless.

The people who reverse engineered the UUHash algorithm also created the sig2dat extention that allows Kazaa links to be posted onto websites. These guys are truely experts on UUHash, and I'm sure if you contact them, they would be willing to help.

- The dead body could be really well dead- Yes, maybe it looks like a killing- Yes, it is in my house where I am the owner and where I live and therefore everything that happens in there is at first sight my responsibility.

Based on the presence of the dead body in my house, it is a PROOF that I commited the ACTION of killing????

This is not a technical question, is not a matter of files, formats, etc. Is far simpler than that, is a huge fallacy.

I am a business lawyer in New York City, practicing at Ray Beckerman, P.C.. The purpose of this site is to collect and share information about the wave of sham "copyright infringement" lawsuits started by four large record companies, and other areas of concern to digital online copyright law, and to internet law in general. -Ray Beckermanbeckermanlegal.com(Attorney Advertising)

"[T]he Court is concerned about the lack of facts establishing that Defendant was using that IP address at that particular time. Indeed, the [complaint] does not explain what link, if any, there is between Defendant and the IP address. It is possible that Plaintiff sued Defendant because he is the subscriber to IP address .... As recognized by many courts, just because an IP address is registered to an individual does not mean that he or she is guilty of infringement when that IP address is used to commit infringing activity." -Hon. Barry Ted Moskowitz, Chief Judge, S.D. California. January 29, 2013, AF Holdings v. Rogers"The complaints assert that the defendants – identified only by IP address – were the individuals who downloaded the subject “work” and participated in the BitTorrent swarm. However, the assumption that the person who pays for Internet access at a given location is the same individual who allegedly downloaded a single sexually explicit film is tenuous, and one that has grown more so over time." - Hon. Gary R. Brown, Magistrate Judge, E.D.N.Y. May 1, 2012, K-Beech v. Does 1-37"The concern of this Court is that in these lawsuits, potentially meritorious legal and factual defenses are not being litigated, and instead, the federal judiciary is being used as a hammer by a small group of plaintiffs to pound settlements out of unrepresented defendants."-Hon. S. James Otero, Dist. Judge, Central Dist. California, March 2, 2007, Elektra v. O'Brien, 2007 ILRWeb (P&F) 1555"The University has adequately demonstrated that it is not able to identify the alleged infringers with a reasonable degree of technical certainty...[C]ompliance with the subpoena as to the IP addresses represented by these Defendants would expose innocent parties to intrusive discovery....[T]he Court declines to authorize discovery and quashes the subpoena as to Does # 8, 9, and 14" -Hon. Nancy Gertner, Dist. Judge, Dist. Massachusetts, November 24, 2008, London-Sire Records v. Does 1-4"[C]ounsel representing the record companies have an ethical obligation to fully understand that they are fighting people without lawyers... that the formalities of this are basically bankrupting people, and it's terribly critical that you stop it...." -Hon. Nancy Gertner, Dist. Judge, Dist. Massachusetts, June 17, 2008, London-Sire v. Does 1-4"Rule 11(b)(3) requires that a representation in a pleading have evidentiary support and one wonders if the Plaintiffs are intentionally flouting that requirement in order to make their discovery efforts more convenient or to avoid paying the proper filing fees. In my view, the Court would be well within its power to direct the Plaintiffs to show cause why they have not violated Rule 11(b) with their allegations respecting joinder. [I]t is difficult to ignore the kind of gamesmanship that is going on here.....These plaintiffs have devised a clever scheme... to obtain court-authorized discovery prior to the service of complaints, but it troubles me that they do so with impunity and at the expense of the requirements of Rule 11(b)(3) because they have no good faith evidentiary basis to believe the cases should be joined." -Hon. Margaret J. Kravchuk, Magistrate Judge, District of Maine, January 25, 2008, Arista v. Does 1-27, 2008 WL 222283, modified Oct. 29, 2008"[N]either the parties' submissions nor the Court's own research has revealed any case holding the mere owner of an internet account contributorily or vicariously liable for the infringing activities of third persons.....In addition to the weakness of the secondary copyright infringement claims against Ms. Foster, there is a question of the plaintiffs' motivations in pursuing them..... [T]here is an appearance that the plaintiffs initiated the secondary infringement claims to press Ms. Foster into settlement after they had ceased to believe she was a direct or "primary" infringer." -Hon. Lee R. West, District Judge, Western District of Oklahoma, February 6, 2007, Capitol v. Foster, 2007 WL 1028532"[A]n overwhelming majority of cases brought by recording companies against individuals are resolved without so much as an appearance by the defendant, usually through default judgment or stipulated dismissal.....The Defendant Does cannot question the propriety of joinder if they do not set foot in the courthouse." -Hon. S. James Otero, Central District of California, August 29, 2007, SONY BMG v. Does 1-5, 2007 ILRWeb (P&F) 2535"Plaintiffs are ordered to file any future cases of this nature against one defendant at a time, and may not join defendants for their convenience."-Hon. Sam Sparks and Hon. Lee Yeakel, District Judges, Western District of Texas, November 17, 2004, Fonovisa v. Does 1-41, 2004 ILRWeb (P&F) 3053"The Court is unaware of any other authority that authorizes the ex parte subpoena requested by plaintiffs."-Hon. Walter D. Kelley, Jr., District Judge, Eastern District of Virginia, July 12, 2007, Interscope v. Does 1-7, 494 F. Supp. 2d 388, vacated on reconsideration 6/20/08"Plaintiffs contend that unless the Court allows ex parte immediate discovery, they will be irreparably harmed. While the Court does not dispute that infringement of a copyright results in harm, it requires a Coleridgian "suspension of disbelief" to accept that the harm is irreparable, especially when monetary damages can cure any alleged violation. On the other hand, the harm related to disclosure of confidential information in a student or faculty member's Internet files can be equally harmful.....Moreover, ex parte proceedings should be the exception, not the rule."-Hon. Lorenzo F. Garcia, Magistrate Judge, District of New Mexico, May 24, 2007, Capitol v. Does 1-16, 2007 WL 1893603"'Statutory damages must still bear some relation to actual damages." Hon. Michael J. Davis, Dist. Judge, U.S.District Court, Dist. Minnesota, January 22, 2010, Capitol Records v. Thomas-Rasset"[T]his court finds that defendants' use of the same ISP and P2P networks to allegedly commit copyright infringement is, without more, insufficient for permissive joinder under Rule 20. This court will sever not only the moving defendants from this action, but all other Doe defendants except Doe 2." -Hon. W. Earl Britt, District Judge, Eastern District of North Carolina, February 27, 2008, LaFace v. Does 1-38, 2008 WL 544992"[L]arge awards of statutory damages can raise due process concerns. Extending the reasoning of Gore and its progeny, a number of courts have recognized that an award of statutory damages may violate due process if the amount of the award is "out of all reasonable proportion" to the actual harm caused by a defendant's conduct.[T]hese cases are doubtlessly correct to note that a punitive and grossly excessive statutory damages award violates the Due Process Clause....."Hon. Marilyn Hall Patel, Dist. Judge, N.D. California, June 1, 2005, In re Napster, 2005 US DIST Lexis 11498, 2005 WL 1287611"[P]laintiffs can cite to no case foreclosing the applicability of the due process clause to the aggregation of minimum statutory damages proscribed under the Copyright Act. On the other hand, Lindor cites to case law and to law review articles suggesting that, in a proper case, a court may extend its current due process jurisprudence prohibiting grossly excessive punitive jury awards to prohibit the award of statutory damages mandated under the Copyright Act if they are grossly in excess of the actual damages suffered....."-Hon. David G. Trager, Senior District Judge, Eastern Dist. New York, November 9, 2006, UMG v. Lindor, 2006 U.S. Dist. LEXIS 83486, 2006 WL 3335048"'[S]tatutory damages should bear some relation to actual damages suffered'....(citations omitted) and 'cannot be divorced entirely from economic reality'". -Hon. Shira A. Scheindlin, Dist. Judge, Southern Dist. New York, August 19, 2008, Yurman v. Castaneda"The Court would be remiss if it did not take this opportunity to implore Congress to amend the Copyright Act to address liability and damages in peer to peer network cases.... The defendant is an individual, a consumer. She is not a business. She sought no profit from her acts..... [T]he damages awarded in this case are wholly disproportionate to the damages suffered by Plaintiffs." -Hon. Michael J. Davis, District Judge, Dist. Minnesota, September 24, 2008, Capitol v. Thomas"If there is an asymmetry in copyright, it is one that actually favors defendants. The successful assertion of a copyright confirms the plaintiff's possession of an exclusive, and sometimes very valuable, right, and thus gives it an incentive to spend heavily on litigation. In contrast, a successful defense against a copyright claim, when it throws the copyrighted work into the public domain, benefits all users of the public domain, not just the defendant; he obtains no exclusive right and so his incentive to spend on defense is reduced and he may be forced into an unfavorable settlement." US Court of Appeals, 7th Cir., July 9, 2008, Eagle Services Corp. v. H20 Industrial Services, Inc., 532 F.3d 620"Customers who download music and movies for free would not necessarily spend money to acquire the same product.....RIAA’s request problematically assumes that every illegal download resulted in a lost sale."-Hon. James P. Jones, Dist. Judge, Western Dist. Virginia, November 7, 2008, USA v. Dove